H@L0_F00
-
Posts
834 -
Joined
-
Last visited
-
Days Won
2
Posts posted by H@L0_F00
-
-
-
Maybe you're too far from it? Maybe your MAC is blacklisted? There could be many reasons for the association to not complete successfully.
EDIT: dhclient <NIC> will obtain and set your IP, Gateway, DNS, etc. from a DHCP server. So, c0r might think he's not connected to the AP because he wasn't using dhclient and didn't get an IP address, and therefore, has no internet access.
-
I'll buy another IP or domain name.
I really doubt it will be blocked, especially anytime soon.
-
I want it to be as idiot-friendly as possible though. I also want it to be easy to use. I think I'll stick a ready to use portaPuTTY or KiTTY on the server so they can just download, select an option or two, click connect, and be good. I need to write a program or script that can change the Firefox and IE proxy settings, so the users won't have to do that either. As for authentication, I'll just be using whatever password they want.
-
I've talked to quite a few friends at school and I think I've got at least 6-7 people that would all be willing to pay for an SSH tunnel proxy. It's looking like I'll most likely go with GoDaddy's Unlimited Plan for a few months (until school is out, probably). I'm thinking about maybe using a local or browser exploit if elevated privileges are needed (cmd, batch scripts, etc.), instead of giving out the Admin passwords. This will be rather effective because the computers are *never* updated. We're actually running IE 6 and Firefox 2.0 with Deep Freeze.
I need to find out how to restrict users to a single active login at a time to prevent them from just sharing the same user/pass... I will give them /bin/false as their shell, just in case somebody thinks they'll try to be funny with the server.
What do you all think of the idea? What else could/should I do?
Thanks.
-
If it can boot in a VM, the problem is almost certainly the computer from which you are trying to boot it from. If you get the same error in the VM, then it is almost certainly the USB setup.
-
All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.
EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.
Actually, I'm quite certain I'll go with Sparda's suggestion. It's just what I was looking for.
EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?I've already had a talk with his boss... After the SysAdmin told him what he knew about me *at the time*, his boss was skeptical, so he came down to my school the next day. I was told he said something along the lines of "I don't think we have any students that smart..." (Although I didn't take any credit for being able to run Ophcrack... I also explained to him that *anybody* could use it and it's the most mainstream way to crack Windows passwords/). We had a conversation about how I was able to boot Ophcrack from my flash drive, crack all of the passwords within a few minutes, and how I implemented the same passwords on the Mac systems. I then also told them how easy it is to completely disable Deep Freeze and re-enable it without them every having reason to be suspicious. He was taking notes the whole time... :)
-
There is also http://www.simpledns.com/ for doing dns on windows boxes without server 2003, etc. I never tried it, but supposed to be simple to use (Not free though).
BIND has Windows binaries as well.
-
Saw that recently on the Defcon 17 MetaSploit Track
-
BT4 doesn't work on any of the computers? Is it the same errors? Can you try it in a VM?
-
From some nmap scans, I have found some Blue Coat systems. I'm almost positive there will be more than one... I'll just have to do some more digging.
-
Yeah... And the really sad thing is that it's a district wide image, meaning essentially ALL computers have the same passwords (OS X and XP machines have the same passwords for similar accounts). That's kind of why I want to put together a PoC and hopefully get them to realize what somebody *could* do... Like setup a botnet that bruteforces, sayyyy... the proxy server that restricts internet access for THE ENTIRE DISTRICT to sites on its blocked list? Or maybe even bruteforce the local servers that contain the grade databases? Or (assuming they have some type of IDS... I hope...), one could simply DDoS the proxy server or local servers...
Keyloggers are an option, but AFAIK, there is nothing that can be done to disable Deep Freeze remotely. Deep Freeze gives an attacker quite the advantage though... Once a computer is shut off, all logs are gone for good... Profit? lol
Anyways, I'm still not sure what I should do with the PoC? I mean, I have root access, I could do anything... I've checked out some cool commands/scripts that could disable the Dock via terminal, use the default OS X screen saver as the desktop background, etc. but I want to do something that would illustrate the potential for malicious things to occur. I found that OS X has say. I found a script that can manipulate the volume, so I *could* setup a mass Mac "botnet" saying "All your bases are belong to us" ;)
Any ideas?
-
Can you boot it in a VM?
If not, there is most likely something wrong with the MBR of your drive, or it may be missing entirely.
-
It has to do with the emulation being lost when Windows boots. I successfully created a PE that loads into RAMdisk from the first link, although you might find the other two useful:
http://www.911cd.net/forums/index.php?showtopic=10482
-
Post lolcats all over 4chan
-
-
I have sudoer access (meaning I can "sudo su" and get root) to a whole bunch of Mac OS X systems (same user name and password for them all) at my school. The Network Admin already knows this because I told him and we're on a good basis. I want to put together some type of PoC for him and the district guy (his boss). Is it possible to write a script or something that can SSH into a bunch of different IPs with the user and pass already given (because they are all the same...) and execute a given command after logging in?
Thanks.
-
The only real "starting point" is the first time you have access to a computer... There are so many different aspects of computers/coding/hacking/cracking/etc that nobody can give you a surefire way to start learning. The way you learn is just by doing. Yes, by all means, get a good basis in coding if you want. Although many say it is not necessary, it will come in handy more times than you can count, even if you don't get into exploitation. Also, yessss get an old computer or two. Network these computers. Learn the basics of networking. Setup some random Linux distro on one. Setup WinXP with no service packs on the other. Do whatever you want with them. If you want to get into exploitation, get SYSTEM access to the XP box. Setup an SSH server on the Linux box and try to do everything through SSH remotely. Don't worry about remembering all the different arguments (that is what man pages are for) for the different programs, just try to remember what some of them can do and can be used for.
I wanted a book that could tell me everything when I started out too... But I've really come to realize that the more you just mess with the computers, the more you will learn. This knowledge will stay with you too, unlike if you were to read it from a book and forget it within a few days. Set a goal: Try to learn something exciting and new everyday. This will keep you motivated. Otherwise, you'll get in a rut and stop learning new things. Also, go back and watch some episodes that sound interesting to you. Hope I helped and good luck.
-
I once tried to look into looping a video to my instructors computer (we use Vision6)... It was way over my head. I tried packet analysis, which I have absolutely no background in, and I had no idea how to go about capturing the packets I needed...
I just got a great idea though... maybe. It might be possible to forward all traffic coming from the client through your computer and to another computer with the software installed. The same image would be displayed at almost the exact same time, so it might be rather noticeable, unless you could delay the packets maybe. Just an idea.
-
-
-
I always use Malwarebyte's Anti-malware.
-
If you are going to install a Ubuntu, there isn't much of a reason to install BT4. Use it from a flash drive or DVD until you can get everything running in Ubuntu. You can image your XP install with Clonezilla and save it in case you want to revert. If you still want XP, and Win7 works, install it in a VM.
-
Alpha Shield Firewall
in Security
Posted
So... It blocks incoming connections, but not outgoing? Just like every other firewall.